Torrent download = endless Portscans?  Help me please!

Posted on 2009-04-22
Medium Priority
Last Modified: 2013-11-21
Dear EE,

1.)  I have an Astaro ASG220 firewall defending my corporate network.  However, my question is not specific to Astaro's.

2.)  I run the premium (pay version) of AVG 8.5 on my laptop.  I had to disable the software firewall because it conflicted with Appriver hosted exchange.  So I'm using AVG 8.5 without any software firewall.  

3.)  THE PROBLEM:  Everytime anybody on my LAN starts a torrent download - I receive an endless stream of 'portscans' warnings from the Astaro that lists the host's IP address the portscans are coming from.  I just started a 7-hour torrent for Fedora-10-x86_64-CDs (something I would expect to be clean) that I simply must download for tomorrow - no excuses.  You guessed it - the instant I started the download - the Astaro starts sending me portscan warnings.  Super frustrating!  How is it possible that every torrent is "infected" with a portscan viruses?

4.)  MAIN QUESTION:  What precautions can I make to neutralize portscans prior, during, after a torrent download?  How do you neutralize active portscans - without killing a critical download?

5.)  FYI:  It has been roughly (100) minutes since I began the download - I have transmitted over (300) portscans from my laptop that my Astaro has warned on.

6.)  PEOPLE WITHOUT HARDWARE FIREWALLS THAT LIKE TORRENT:  Take it from me - lately - ALL torrents are infected with portscans.  Yes ALL of them.  I don't pretend to know why or how.  My point is only that you should pay attention to the steps to neutralize portscans even though you don't have a firewall confirming that you're sending portscans.  Be careful.

Question by:buymycorp
  • 2

Expert Comment

by:Bradley Haynes
ID: 24208041
Some torrent sites have various ports they use to transfer files. To determine what port you have listening a scan may be done.
In your Firewall you can make a specific exception for the application/torrent client.
Also set up a DMZ so you can "Clean" all the torrents downloaded before they are injected into your production network.

Author Comment

ID: 24215685
The torrent was finished when I arrived back at work this morning.  The finished Fedora_10 cd's were in my torrents\completed folder.  I erased & removed the torrent from the Utorrent client before closing the Utorrent client.  I then burned my (6) CD's and then DELETED EVERYTHING to do with the torrent and downloaded files.

 I'm still receiving portscan warnings from the Astaro every 2 or 3 mintues!!!!  Luckily I have Appriver and they have no mailbox limit!  My mailbox had 1,600 warning emails this morning .  

Again, I don't want to know how to dumb-down my Astaro.  I want to know how to neutralize this portscan.  I'm going to reboot and see if that helps.    

Accepted Solution

Bradley Haynes earned 1500 total points
ID: 24216623
What OS are you running?
Also, set the torrent client to one port and create a tunnel thru the router to that port.
Create a rule in the firewall for that port to allow traffic. If you can limit the time window to the hours that you know ppl will be using their torrent client.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
With the withdrawal of support for Windows Server 2003 this summer, many clients face the issue of moving away from their 2003 installs. There are a few options out there that many people/companies are selling. But the clients I have, haven't wanted…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Suggested Courses
Course of the Month17 days, 5 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question